www.cpomagazine.com
Open in
urlscan Pro
2606:4700:3031::6815:a92
Public Scan
Submitted URL: https://mkto-sj130112.com/MDAxLVZKWC0xMDQAAAGFtpfI80R7MzEjZWVtvN3RHnVe5jiP2_1x341XLz8Y78RbggpwFgWHZegnER3z70jRm7ddy08=
Effective URL: https://www.cpomagazine.com/cyber-security/over-24-billion-compromised-user-credentials-circulating-on-the-dark-web-market/?...
Submission: On July 19 via api from US — Scanned from DE
Effective URL: https://www.cpomagazine.com/cyber-security/over-24-billion-compromised-user-credentials-circulating-on-the-dark-web-market/?...
Submission: On July 19 via api from US — Scanned from DE
Form analysis 4 forms found in the DOM
POST https://cpomagazine.activehosted.com/proc.php
<form method="POST" action="https://cpomagazine.activehosted.com/proc.php" id="_form_62D6F39B929F3_" class="_form _form_5 _inline-form _dark" novalidate="">
<input type="hidden" name="u" value="62D6F39B929F3" data-name="u">
<input type="hidden" name="f" value="5" data-name="f">
<input type="hidden" name="s" data-name="s">
<input type="hidden" name="c" value="0" data-name="c">
<input type="hidden" name="m" value="0" data-name="m">
<input type="hidden" name="act" value="sub" data-name="act">
<input type="hidden" name="v" value="2" data-name="v">
<input type="hidden" name="or" value="0e300c61f2c3125861d669eff7383986" data-name="or">
<div class="_form-content">
<div class="_form_element _x77566567 _full_width _clear">
<div class="_form-title">Stay Updated</div>
</div>
<div class="_form_element _x15145207 _full_width _clear">
<div class="_html-code">
<p>Get notified of new articles and relevant events.</p>
</div>
</div>
<div class="_form_element _x05506158 _full_width ">
<label for="email" class="_form-label"></label>
<div class="_field-wrapper">
<input type="text" id="email" name="email" placeholder="Type your email" required="" data-name="email">
</div>
</div>
<div class="_form_element _field2 _full_width ">
<fieldset class="_form-fieldset">
<div class="_row">
<legend for="field[2][]" class="_form-label">
</legend>
</div>
<input data-autofill="false" type="hidden" id="field[2][]" name="field[2][]" value="~|" data-name="consent">
<div class="_row _checkbox-radio">
<input id="field_2I agree to the privacy policy" type="checkbox" name="field[2][]" value="I agree to the privacy policy" data-name="consent">
<span><label for="field_2I agree to the privacy policy">I agree to the privacy policy</label></span>
</div>
</fieldset>
</div>
<div class="_button-wrapper _full_width"><button id="_form_5_submit" class="_submit" type="submit">Submit</button></div>
<div class="_clear-element"></div>
</div>
<div class="_form-thank-you" style="display:none;"></div>
<div class="_form-branding">
<div class="_marketing-by">Marketing by</div>
<a href="https://www.activecampaign.com/?utm_medium=referral&utm_campaign=acforms" class="_logo">
<span class="form-sr-only">ActiveCampaign</span>
</a>
</div>
</form>POST https://cpomagazine.activehosted.com/proc.php
<form method="POST" action="https://cpomagazine.activehosted.com/proc.php" id="_form_62D6F39B8F75F_" class="_form _form_1 _inline-form _dark" novalidate="">
<input type="hidden" name="u" value="62D6F39B8F75F" data-name="u">
<input type="hidden" name="f" value="1" data-name="f">
<input type="hidden" name="s" data-name="s">
<input type="hidden" name="c" value="0" data-name="c">
<input type="hidden" name="m" value="0" data-name="m">
<input type="hidden" name="act" value="sub" data-name="act">
<input type="hidden" name="v" value="2" data-name="v">
<input type="hidden" name="or" value="79b7cabee35a61965afc1d1609a35e5d" data-name="or">
<div class="_form-content">
<div class="_form_element _x61394459 _full_width _clear">
<div class="_html-code">
<p>Get notified of new articles and relevant events.</p>
</div>
</div>
<div class="_form_element _x31449036 _full_width ">
<label for="email" class="_form-label"></label>
<div class="_field-wrapper">
<input type="text" id="email" name="email" placeholder="Type your email" required="" data-name="email">
</div>
</div>
<div class="_form_element _field2 _full_width ">
<fieldset class="_form-fieldset">
<div class="_row">
<legend for="field[2][]" class="_form-label">
</legend>
</div>
<input data-autofill="false" type="hidden" id="field[2][]" name="field[2][]" value="~|" data-name="consent">
<div class="_row _checkbox-radio">
<input id="field_2I agree to the privacy policy" type="checkbox" name="field[2][]" value="I agree to the privacy policy" data-name="consent">
<span><label for="field_2I agree to the privacy policy">I agree to the privacy policy</label></span>
</div>
</fieldset>
</div>
<div class="_button-wrapper _full_width"><button id="_form_1_submit" class="_submit" type="submit">Submit</button></div>
<div class="_clear-element"></div>
</div>
<div class="_form-thank-you" style="display:none;"></div>
</form>POST https://cpomagazine.activehosted.com/proc.php
<form method="POST" action="https://cpomagazine.activehosted.com/proc.php" id="_form_62D6F39B96035_" class="_form _form_1 _inline-form _dark" novalidate="">
<input type="hidden" name="u" value="62D6F39B96035" data-name="u">
<input type="hidden" name="f" value="1" data-name="f">
<input type="hidden" name="s" data-name="s">
<input type="hidden" name="c" value="0" data-name="c">
<input type="hidden" name="m" value="0" data-name="m">
<input type="hidden" name="act" value="sub" data-name="act">
<input type="hidden" name="v" value="2" data-name="v">
<input type="hidden" name="or" value="8fc0ca1571bedbe04aaf4c8e088ab447" data-name="or">
<div class="_form-content">
<div class="_form_element _x61394459 _full_width _clear">
<div class="_html-code">
<p>Get notified of new articles and relevant events.</p>
</div>
</div>
<div class="_form_element _x31449036 _full_width ">
<label for="email" class="_form-label"></label>
<div class="_field-wrapper">
<input type="text" id="email" name="email" placeholder="Type your email" required="" data-name="email">
</div>
</div>
<div class="_form_element _field2 _full_width ">
<fieldset class="_form-fieldset">
<div class="_row">
<legend for="field[2][]" class="_form-label">
</legend>
</div>
<input data-autofill="false" type="hidden" id="field[2][]" name="field[2][]" value="~|" data-name="consent">
<div class="_row _checkbox-radio">
<input id="field_2I agree to the privacy policy" type="checkbox" name="field[2][]" value="I agree to the privacy policy" data-name="consent">
<span><label for="field_2I agree to the privacy policy">I agree to the privacy policy</label></span>
</div>
</fieldset>
</div>
<div class="_button-wrapper _full_width"><button id="_form_1_submit" class="_submit" type="submit">Submit</button></div>
<div class="_clear-element"></div>
</div>
<div class="_form-thank-you" style="display:none;"></div>
</form>GET https://www.cpomagazine.com/
<form method="get" class="search tipi-flex" action="https://www.cpomagazine.com/"> <input type="search" class="search-field font-b" placeholder="Search" value="" name="s" autocomplete="off" aria-label="search form"> <button
class="tipi-i-search-thin search-submit" type="submit" value="" aria-label="search"></button></form>Text Content
* * * Home * News * Insights * Resources * * * * Cyber SecurityNews ·4 min read OVER 24 BILLION COMPROMISED USER CREDENTIALS CIRCULATING ON THE DARK WEB MARKET Alicia Hope·June 22, 2022 TwitterFacebookLinkedIn Threat intelligence and cyber risk firm Digital Shadows discovered a 65% increase in compromised user credentials circulating on the dark web market. The Account Takeover in 2022 report found more than 24 billion username and password combinations on sale on the dark web, up from 15 billion in 2020. Two years earlier, the number of leaked credentials was just 5 billion, representing a 300% increase from 2018 to 2020. According to the firm, the number of leaked credentials was growing annually and would continue to increase in the coming years. Digital Shadows also found that state-sponsored attackers, hacktivists, and ransomware gangs have leveraged account takeover (ATO) attacks using stolen credentials. EASILY GUESSABLE AND EXPLOITABLE USER CREDENTIALS ARE STILL WIDELY POPULAR The mid-June 2022 report by Digital shadows found that the top 50 most common passwords were easy to guess. Some include combinations of the name ‘password’ with some unforgettable numbers. Similarly, the use of ‘123456’ as a password was very common, accounting for 0.46% or at least once in every 200 passwords. Keyboard combinations such as ‘qwerty’ or ‘1q2w3e’ were also prevalent. Subsequently, the top 100 most common passwords accounted for 2% of the leaked user credentials. Additionally, 49 out of 50 most common passwords could be cracked in less than a second in offline attacks using free or affordable exploitation tools available on the dark web. However, adding a special character (@,_,#) to a simple 10-character password increased the offline crack time by 90 minutes, while adding two special characters increased the time by 2 days and 4 hours. Additionally, the Digital Shadows Photon Research team found a staggering amount of plaintext passwords accounting for 88.7% of stolen passwords in the database. However, they did not explain the percentage of the leaked passwords stolen in hashed format and decrypted by the attackers before listing. Consequently, they suggested that the total number of stolen passwords might be higher than reported. The report posited that increasing the effort and time required to breach an account would make it less worthwhile to attackers, forcing them to focus on other weaker accounts. SOCIAL ENGINEERING AND MALWARE ARE COMMON SOURCES OF STOLEN USER CREDENTIALS The researchers listed malware, phishing, and social engineering as common methods for stealing user credentials. Automated credential harvesting involves info stealers such as the Redline malware that can run in the background. According to the researchers, phishing could also spread infostealers such as Redline malware. However, the easiest method to obtain user credentials was to buy them from dark web forums. The report noted that the price of stolen credentials depends on the age of the account, the file size, the buyer’s reputation, and account type. For example, cryptocurrency-related accounts attracted higher prices. The effects of stolen user credentials are immense. According to the 2022 Verizon Data Breach Investigations Report, attackers gained access using stolen user credentials in 50% of the 20,000 security incidents analyzed. Attackers regularly leverage stolen user credentials as the initial attack vector to deploy malware and exploitation tools before a ransomware attack. “Identities are the true hackers’ objective,” Garret Grajek, CEO at YouAttest. “A username/password tuple can be attempted at not just the resource that is discovered but at multiple targets: banks, credit cards, health care, and business accounts.” Grajek says that attackers could pivot a username with OSINT and discover the compromised workplace. “From there it’s just a matter of logging onto the users’ account in some form, dropping in a RAT (Remote Access Trojan), and then begin the cyber kill chain of lateral movement and privilege escalation. It is imperative that an enterprise practice Zero Trust and strong identity governance which help identify anomalies in user privileges,” Grajek said. DARK WEB MARKETPLACES EXPANDED IN SIZE AND SOPHISTICATION Cybercriminals depend on the dark web to dispose of their stolen user credentials. The Digital Shadows report found that dark web marketplaces continue expanding and offering more exploitation tools, malware, and services. Additionally, the dark web marketplaces introduced various subscription models, including premium services to facilitate the sale and purchase of stolen user credentials. However, the attackers advertised many stolen user credentials on several dark web forums to increase the customer base. This practice introduced duplication in the user credentials listed for sale. Digital Shadows accounted for replication and recorded 6.7 billion unique records after removing the duplicates. Even then, the number of stolen credentials had increased by 1.7 billion from 2020, representing a 34% increase. The report stated that the firm had warned its customers about advertised compromised credentials at least 6.7 million times in the last 18 months. HOW TO PROTECT USER CREDENTIALS FROM DATA LEAKS Digital Shadows advised users to store their passwords using a password manager. Using a password manager allows them to use strong passwords without remembering them. Additionally, they should enable multi-factor authentication, which could replace passwords and other authentication methods. Similarly, using an Authenticator App to generate temporary authentication codes would render exposed credentials useless. “We will move to a ‘passwordless’ future, but for now, the issue of breached credentials is out of control,” Chris Morgan, Senior Cyber Threat Intelligence Analyst at Digital Shadows, said. “Criminals have an endless list of breached credentials they can try, but adding to this problem is weak passwords, which means many accounts can be guessed using automated tools in just seconds.” Morgan said leaked user credentials include those of staff, customers, servers, and IoT devices. He added that the breaches could have been mitigated by stronger passwords and avoiding password reuse across different accounts. Digital Shadows attributed increasing ATO attacks to an increase in the average user’s digital footprint, authentication blind spots by the lack of consistency in authentication, and the failure to secure compromised accounts on time. Report found over 24 billion compromised user credentials circulating on the #darkweb marketplace in 2022, an increase of 65% from 2020. #cybersecurity #respectdataClick to Tweet Kim DeCarlis, CMO at PerimeterX, noted that the cyber threat landscape had changed, with web attacks being part of an integrated cybercrime cycle, with each propagating the other prolonging the attack cycle. “The front door to a web app is a valid user name and password, and it is eye-opening to learn the number of credential pairs available on the dark web,” DeCarlis said. “Stopping the theft, validation, and fraudulent use of account and identity information should be a prime focus for all online businesses.” Stay Updated Get notified of new articles and relevant events. I agree to the privacy policy Submit Marketing by ActiveCampaign TwitterFacebookLinkedIn Tags Account TakeoverDark WebUser Credentials Alicia Hope Staff Correspondent at CPO Magazine Alicia Hope has been a journalist for more than 5 years, reporting on technology, cyber security and data privacy news. LATEST TIKTOK EU PRIVACY POLICY CHANGE, SET TO ENABLE PERSONALIZED ADS WITHOUT CONSENT, PAUSED AFTER WARNING FROM ITALIAN REGULATOR BEST PRACTICES FOR MANAGING THIRD-PARTY IDENTITY RISK TO SUPPORT OPERATIONAL AGILITY REVERSE GOOGLE SEARCHES FACE INCREASED SCRUTINY AS FEARS OF KEYWORD WARRANTS FOR ABORTION SEEKERS GROW QUANTUM RANSOMWARE ATTACK ON FINANCE COMPANY IMPACTS 657 HEALTHCARE ORGANIZATIONS AND MILLIONS OF PATIENTS - Advertisement - LEARN MORE About Contact Our Advertising Privacy Policy Cookie Policy Terms of Use STAY UPDATED Get notified of new articles and relevant events. I agree to the privacy policy Submit News, insights and resources for data protection, privacy and cyber security professionals. LEARN MORE About Contact Our Advertising Privacy Policy Cookie Policy Terms of Use Do Not Sell My Data STAY UPDATED Get notified of new articles and relevant events. I agree to the privacy policy Submit FOLLOW US © 2022 Rezonen Pte. Ltd. * Home * News * Insights * Resources Start typing to see results or hit ESC to close U.S. Data Breach Regulations EU GDPR Facebook See all results